From owner-freebsd-questions Sun Dec 23 23:44:26 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mta3n.bluewin.ch (mta3n.bluewin.ch [195.186.1.212]) by hub.freebsd.org (Postfix) with ESMTP id 9629337B419 for ; Sun, 23 Dec 2001 23:44:21 -0800 (PST)
Received: from saturn.spectraweb.ch (195.186.190.213) by mta3n.bluewin.ch (Bluewin AG 6.0.039) id 3C234FE80002659D for freebsd-questions@freebsd.org; Mon, 24 Dec 2001 08:43:44 +0100
Received: (from martin@localhost) by saturn.spectraweb.ch (8.11.6/8.11.6) id fBO8ps300345 for freebsd-questions@freebsd.org; Mon, 24 Dec 2001 09:51:54 +0100 (CET) (envelope-from pcservi@spectraweb.ch)
Date: Mon, 24 Dec 2001 09:51:43 +0100
From: Martin Schweizer
To: freebsd-questions@freebsd.org
Subject: Re: ipfw & ftp
Message-ID: <20011224095143.B318@spectraweb.ch>
Reply-To: Martin Schweizer
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hello Darryl

I have attached my rc.firewall. I found a solution with passive and active ftp.

On Fri, Dec 21, 2001 at 02:05:10PM -0600 Darryl Hoar wrote:
> Greetings,
> I have set up a firewall/router. My LAN has mostly
> win9x, winNT & win2000 clients on it. Since I installed
> the firewall, users have been unable to download files
> from the internet that are on the vendor's ftp site. The
> firewall logs show nothing, but I'm assuming it's related
> to the firewall.
>
> How do I get around this problem safely?

--
Regards
Martin Schweizer

PC-Service M. Schweizer; Gewerbehaus Schwarz; CH-8608 Bubikon
Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch

# ipfw add allow all from 192.168.1.1/24 to any keep-state   # allow the internal network
# ipfw flush
# ipfw add allow all from any to any

# keep-state = allows communication between client and server for a limited
#              time. After that time (TTL) the port is closed again.

# DNS (runs over UDP only)
ipfw add allow udp from me to any 53 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 53 keep-state

# DHCP
ipfw add allow udp from 192.168.1.1/24 68 to 192.168.1.1/24 67 keep-state
ipfw add allow udp from me 67 to 192.168.1.1/24 68 keep-state
ipfw add allow udp from me 67 to 192.168.1.1/24 67 keep-state
ipfw add allow udp from 192.168.1.1/24 67 to me 67 keep-state

# SMTP
ipfw add allow tcp from me to any 25 keep-state
ipfw add allow udp from me to any 25 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 25 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 25 keep-state

# POP3
ipfw add allow tcp from me to any 110 keep-state
ipfw add allow udp from me to any 110 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 110 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 110 keep-state

# HTTP
ipfw add allow tcp from me to any 80 keep-state
ipfw add allow udp from me to any 80 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 80 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 80 keep-state

# FTP
ipfw add allow tcp from any to any 20 keep-state
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow tcp from any 20 to me 1024-49151 keep-state               # active FTP
ipfw add allow tcp from any 20 to 192.168.1.1/24 1024-49151 keep-state
# ipfw add allow tcp from me 1024-49151 to any keep-state                # passive FTP 1.
# ipfw add allow tcp from any 1024-49151 to me keep-state                # passive FTP 2.

# SSH
ipfw add allow tcp from me to any 22 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 22 keep-state

# Telnet
ipfw add allow tcp from me to any 23 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 23 keep-state
ipfw add allow tcp from 192.168.1.1/24 to me keep-state

# Ping / TraceRoute
ipfw add allow icmp from me to any
ipfw add allow icmp from any to me
ipfw add allow icmp from 192.168.1.1/24 to any
ipfw add allow icmp from any to 192.168.1.1/24

# NetBIOS (Samba): name service is 137/udp, session service is 139/tcp
# (the port number goes after the address; a bare number in the protocol
# field would select an IP protocol number instead)
ipfw add allow udp from me to 192.168.1.1/24 137 keep-state
ipfw add allow udp from 192.168.1.1/24 to me 137 keep-state
ipfw add allow tcp from me to 192.168.1.1/24 139 keep-state
ipfw add allow tcp from 192.168.1.1/24 to me 139 keep-state

# Whois
ipfw add allow tcp from me to any 63 keep-state
ipfw add allow udp from me to any 63 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 63 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 63 keep-state

# Gopher
ipfw add allow tcp from me to any 70 keep-state
ipfw add allow udp from me to any 70 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 70 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 70 keep-state

# Finger
ipfw add allow tcp from me to any 79 keep-state
ipfw add allow udp from me to any 79 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 79 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 79 keep-state

# NNTP
ipfw add allow tcp from me to any 119 keep-state
ipfw add allow udp from me to any 119 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 119 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 119 keep-state

# NTP
ipfw add allow tcp from me to any 123 keep-state
ipfw add allow udp from me to any 123 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 123 keep-state
ipfw add allow udp from 192.168.1.1/24 to any 123 keep-state

# CVSUP
ipfw add allow tcp from me to any 5999 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 5999 keep-state

# Swiss-Web mail administration
ipfw add allow tcp from me to any 88 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 88 keep-state
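The rules that make active FTP work in the script above admit inbound connections on the strength of the remote source port 20 alone, and the two `from any to any` lines admit connections in both directions. The following audit script is an added example, not part of the thread or of FreeBSD's ipfw tooling: it parses rules written in the script's `ipfw add <action> <proto> from <src> [sport] to <dst> [dport]` shape and flags those two patterns; the rule excerpt it checks is constructed from the FTP and SSH sections above, and the LAN is assumed to be 192.168.1.0/24 as in the script.

```python
import re
from ipaddress import ip_network

# Constructed excerpt of the FTP and SSH rules from the posted rc.firewall
# (only the lines relevant to the audit; LAN assumed to be 192.168.1.0/24).
LAN = ip_network("192.168.1.0/24")
RULES = """\
ipfw add allow tcp from any to any 20 keep-state
ipfw add allow tcp from any to any 21 keep-state
ipfw add allow tcp from any 20 to me 1024-49151 keep-state
ipfw add allow tcp from any 20 to 192.168.1.1/24 1024-49151 keep-state
ipfw add allow tcp from 192.168.1.1/24 to any 22 keep-state
"""

# Matches the "ipfw add <action> <proto> from <src> [sport] to <dst> [dport]"
# shape used throughout the script; ports may be single, lists or ranges.
RULE_RE = re.compile(
    r"ipfw\s+add\s+(?P<action>\w+)\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)"
    r"(?:\s+(?P<sport>[\d,-]+))?\s+to\s+(?P<dst>\S+)(?:\s+(?P<dport>[\d,-]+))?"
)

def is_local(host):
    """True for the firewall itself ('me') or any address inside the LAN."""
    if host == "me":
        return True
    try:
        return ip_network(host, strict=False).subnet_of(LAN)
    except ValueError:  # 'any' or another keyword, not an address
        return False

def audit(ruleset):
    """Return (line_no, rule, reason) for allow rules that widen inbound exposure."""
    findings = []
    for no, line in enumerate(ruleset.splitlines(), 1):
        m = RULE_RE.search(line)
        if not m or m["action"] != "allow":
            continue
        if m["src"] == "any" and m["sport"] and is_local(m["dst"]):
            # The only inbound qualifier is a source port the remote end chooses.
            findings.append((no, line, "inbound allow keyed on remote source port"))
        elif m["src"] == "any" and m["dst"] == "any":
            # Written for LAN-to-internet traffic, but also admits internet-to-LAN.
            findings.append((no, line, "any-to-any allow also permits inbound connections"))
    return findings

if __name__ == "__main__":
    for no, line, why in audit(RULES):
        print(f"line {no}: {why}\n    {line}")
```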